On the Application of the Right to be Forgotten: An Inquiry

A Paper presented to the

Atene de Davao University
College of Law

In Partial Fulfillment of the

Requirements for the Course
Legal Research

Leonido II S. Lusañez
Richelle B. Batzar
Cornelio E. Martinez III
Edward Albert M. Luman-ag

October 2019
Situating the Right to be Forgotten in the Context of Philippine Civil Law: A Study

I. Introduction

Background of the Study

No less than the Philippine Constitution guarantees the right to privacy and
determines its extent. Written in Article III(3), paragraph 1, it states that “[the] privacy of
communication shall be inviolable except upon lawful order of the court, or when
public safety or order requires otherwise, as prescribed by law.”1 Working in concert with
this right is the command of Article 26 of the Civil Code of the Philippines, thus stated:

“Article 26. Every person shall respect the dignity, personality, privacy and peace of
mind of his neighbors and other persons. The following and similar acts, though they
may not constitute a criminal offense shall produce a cause of action for damages,
prevention and other relief.” (Emphasis supplied) 2

However, its sovereign power exists under the gravity of an ever-smaller world, and
nowhere is this more apparent than its most recent creation: the Internet. Since its first
iterations in the 1980s, it has undoubtedly come far. From its relatively puny role as a
facilitator of military communication, it has since given rise to automation and industry as
we know it today. Nowadays, it is extremely easy for anyone to have food delivered
straight to their homes and communicate with others using nothing but a phone, yet with
these innovations come new challenges, including legal ones. Spinello (2017) writes:

1 1987 Constitution, as stated in LawPhil: https://www.lawphil.net/consti/cons1987.html

2 As seen in the Official Gazette:
https://www.officialgazette.gov.ph/downloads/1949/06jun/19490618-RA-0386-JPL.pdf
 “... [A] fundamental problem with a particular sovereignty imposing its will on the Internet is
that laws and regulations are based on geography-- they have force only within a certain
territorial area, for example, a state, country or nation. (p. 47)” 3

With the Net’s capacity to largely evade regulation comes the fact that, in essence,
free speech and privacy are stretched to their logical extremes. For the former, the speed
with which information is disseminated as well as the distance it covers facilitates
unrestricted political discourse, including the spread of terrorist ideology on social media
sites4. For the latter, the guarantee of near-absolute anonymity can be used as a weapon
to compromise the privacy of others, as in the painful reality of revenge pornography.5

The problem does not end here, however. The crisis of jurisdiction is further
compounded by the fact that the Internet has an unforgiving memory. As information
spreads, the difficulty of omitting or deleting it when necessary increases manifold, to the
point where states at large can only really create laws which compel those with a
modicum of control over certain sections 6 of the Internet (i.e, social media sites,
browsers) to, if possible and under specific legal conditions, delete personal data when
requested.

The mark of legal progress on this ground at least is aptly named the right to be
forgotten, also known as the right to erasure. In essence, it serves as an extension of

3 Richard A. Spinello, Cyberethics: Morality and Law in Cyberspace (6th Edition, 2017).
4 Alfifi, et al, in their study entitled Measuring the Impact of ISIS Social Media Strategy had in their dataset as many as
“9.3 billion tweets representing all tweets generated in the Arabic language in 2015. (p.1)” Which they further
subdivided to include ISIS-related tweets, retweets and mentions (p.2)
5 In Marthe Goudsmit’s Revenge Pornography: A Conceptual Analysis / Undressing a Crime of Disclosure, plenty of
instances are mentioned where the privacy of individuals has been violated. Nearly all of these cases involve the
common thread of victims being put on the spotlight at their expense while perpetrators enjoy the Internet’s veil of
privacy.
6 Michael Chertoff, in an article entitled A Public Policy Perspective of the Dark Web (2017), summarizes the added
complexity of regulating the Deep Web as opposed to Surface Web perfectly: “When new technologies arise, the
government must determine its role in regulating them. Technological progress can change the ways our laws apply
and necessitate new laws. […] The Dark Web is a brand new topic to many policy-makers, and it is essential that they
become informed before enacting policy rather than learning from mistakes. (pp. 31-32)” Available in:
https://doi.org/10.1080/23738871.2017.1298643
one’s right to privacy by allowing people to delete information already made public (or, to
put more precisely, already at the hands of third-party entities) upon request. The
European Union summarizes this right through Article 17, Section 1 of the General Data
Protection Regulation (GDPR), stating:

“The data subject shall have the right to obtain from the controller the erasure of
personal data concerning him or her without undue delay and the controller shall have
the obligation to erase personal data without undue delay…”7 (Emphasis supplied)

The right has also been adopted by various jurisdictions including our own, and while
the Data Privacy Act of 2012 does not clothe the right to erasure in the same exact
language, it nevertheless succeeds in being faithful to its original meaning. Section 16(e)
states the aforementioned right in this manner:

“Section 16. Rights of the Data Subject. – The data subject is entitled to:

(e) Suspend, withdraw or order the blocking, removal or destruction of his or her
personal information from the personal information controller’s filing system upon
discovery and substantial proof that the personal information are incomplete, outdated,
false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for
the purposes for which they were collected. In this case, the personal information controller
may notify third parties who have previously received such processed personal
information”8 (Emphasis supplied)

Theoretically, therefore, Filipinos as Data Subjects are guaranteed the ability to

compel third party entities to erase data pertaining to them under specific circumstances,
namely that the information in question be (1) incomplete, (2) outdated, (3) false, (4)
unlawfully obtained, (5) used for unauthorized purposes, (6) [is] no longer necessary for

7 See the General Data Protection Regulation, available in: https://gdpr-info.eu/chapter-3/

8 See the Data Privacy Act of 2012, available in
LawPhil:https://www.lawphil.net/statutes/repacts/ra2012/ra_10173_2012.html
the purpose of which they are collected. However, it shall be argued for this paper’s
purposes that such remains inadequate.

Statement of the Problem

Salient to the purpose of this paper is the following problem: the right to be forgotten
as written in the Data Privacy Act of 2012 lacks corresponding jurisprudence through
which it can be reasonably interpreted. The very language under which it is written
specifies various conditions which are not covered under the same law’s Definition of
Terms. Granted, the law in question states that the right to erasure can only be invoked
“upon discovery and substantial proof”9 that said conditions are met, but without a
clear definition of said circumstances, the right to erasure remains on murky footing.

We are compelled to conclude that the right to be forgotten is purposefully written as

such to make room for liberal interpretations, as there can be no doubt that rigid
adherence to the specified preconditions mentioned in said law could potentially result in
the contravention of various other constitutional rights. Indeed, the obvious tension
between the right to be forgotten as a modern extension of the right to privacy and the
right to free speech spells significant challenges for various jurisdictions.10 A prophetic
disposition must therefore be assumed: that sooner or later the same shall fate shall
befall our Courts, as more and more people continue to litigate within the context of the
Internet.11

9 Ibid.
10 See Edward Lee’s The Right to be Forgotten v. Free Speech. Talking about the problems of invoking it in the United
States, he says: “Of course, one would expect such a RTBF law to face a First Amendment challenge. Google can assert
a First Amendment right in its search results, a view supported by several district court decisions. Google could argue
the right to be forgotten violates Google’s speech by forbidding it from displaying certain search results related to a
search of a person’s name. (p.93)” Available in:
https://kb.osu.edu/bitstream/handle/1811/80043/ISJLP_V12N1_085.pdf
11See Vivares v. STC, G.R. No. 202666, September 29, 2014 and Disini v. The Secretary of Justice, G.R. No. 203335, 11
February 2014 as examples. These cases involved, in brief, how privacy could be waived and questions on the
Cybercrime Law’s constitutionality respectively.
 Another problem worth raising lies in the efficacy of the right mentioned. As tackled,
this is an exclusively jurisdictional right, and the Internet is a global place with people from
all over the world congregating around it every day. This has undoubtedly shaped the
very conception of the Act, in that litigation can be brought to bear against personal
information controllers vis-a-vis their filing systems. 12 The law defines “personal
information controllers” as follows:

“Section 3. Definition of Terms. – Whenever used in this Act, the following terms shall have
the respective meanings hereafter set forth:

(h) Personal information controller refers to a person or organization who controls

the collection, holding, processing or use of personal information, including a
person or organization who instructs another person or organization to collect, hold,
process, use, transfer or disclose personal information on his or her behalf. The term
excludes:

(1) A person or organization who performs such functions as instructed by another

person or organization; and

(2) An individual who collects, holds, processes or uses personal information in

connection with the individual’s personal, family or household affairs.” 13 (Emphasis
supplied)

By its very language, the law implies that its power is essentially limited by the very
size and reach of the person or organization subject to the lawsuit. If the entity
responsible for collecting or using the information is relatively small, as in the case of
start-up companies, and should someone decide to invoke the right to be forgotten
12 Data Privacy Act of 2012, Section 16e states: “The data subject is entitled to: (e) Suspend, withdraw or order the
blocking, removal or destruction of his or her personal information from the personal information controller’s filing
system” (Emphasis ours) Available in LawPhil:
https://www.lawphil.net/statutes/repacts/ra2012/ra_10173_2012.html
13 Id.
against them, the law can only compel said organizations or individuals to delete the data
on their end. Assuming that said entity was the primary source, if said data have already
been spread elsewhere by other people to the point where it’s impossible to obliterate the
information in question to maximum satisfaction, people may be left with no other
recourse, with the only consolation left to them being the ability to seek damages.14

Further still, we are simultaneously constrained and blessed by the fact that our
Courts adhere to the doctrines of stare decisis15 and constitutional supremacy16. On the
one hand, as shall be elaborated in the Review of Related Literature, reliance on
precedence would mean testing the limits of current rulings on the very concept of privacy
and exploring its various implications on the right to be forgotten. On the other, the
doctrine of constitutional supremacy constrains us to interpret all secondary sources
under the context of our very own Constitution. Both of these caveats will be crucial in the
analysis of all subsequent sources, as shall be laid out in the Scope and Limitations.

Concluding thusly, the primary problem for our consideration is best summarized in
the following question: How shall the right to be forgotten be applied?

Scope, Limitations and Methodology

14 Id. Section 16(f) states: “The data subject is entitled to: (f) [be] indemnified for any damages sustained due to such
inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.”
15 As stated in Fermin v. People, G.R. No. 157643, March 28, 2008, as seen in LawPhil:
https://lawphil.net/judjuris/juri2008/mar2008/gr_157643_2008.html “The doctrine of stare decisis enjoins adherence
to judicial precedents. It requires courts in a country to follow the rule established in a decision of the Supreme Court
thereof. That decision becomes a judicial precedent to be followed in subsequent cases by all courts in the land. The
doctrine of stare decisis is based on the principle that once a question of law has been examined and decided, it should
be deemed settled and closed to further argument.”
16 As explained in Manila Prince Hotel v. GSIS, G.R. No. 122156, February 3, 1997, Ibid.: “Under the doctrine of
constitutional supremacy, if a law or contract violates any norm of the constitution that law or contract whether
promulgated by the legislative or by the executive branch or entered into by private persons for private purposes is
null and void and without any force and effect. Thus, since the Constitution is the fundamental, paramount and
supreme law of the nation, it is deemed written in every statute and contract.”
 To delineate the scope and limitations of this study, it is necessary to first talk about
the theoretical and practical aspects of this paper. As has been shown in the
aforementioned discussions, the right to erasure has not once seen application in
Philippine jurisprudence. Thus, it would be foolhardy to simply start subsequent
discussions by making criteria for application without first stating theoretical bases. As
such, it is inevitable that discussions from here on out ought to begin with definitions and
rulings on privacy and free speech, since it is the tension between the two that had
essentially started all legal discourse of the aforementioned right to begin with. Put in
another way, touching upon Constitutional Law, if only briefly as the situation would
demand, would almost certainly be in order before we begin answering the question
stated above.

In order to stay consistent with the doctrine of stare decisis, national case law
tackling the intricacies and subtleties of freedom of speech and privacy will be taken into
consideration, with the purpose of describing current attitudes on these two individual
rights. The theoretical analysis to be employed shall rely on the following sub-questions:

1) What does current jurisprudence say about the right to free speech and
privacy?

2) What are the sources of contention between the two, if there are any?

3) What are the implications of these rulings on the right to be forgotten?

Once these questions have been answered, we shall look into landmark international
cases and other secondary sources, specifically discussing how these states applied the
right within their respective jurisdictions. On this note, the words of Damian Mapa, one of
the co-authors of the Implementing Rules and Regulations of Republic Act No. 10173,
known as the “Data Privacy Act of 2012” are instructive:
 “[The] DPA may be viewed as a Philippine implementation of the GDPR – in alignment with
Recital 8 of the GDPR: “States may, as far as necessary for coherence and for making the
national provisions comprehensible to the persons to whom they apply, incorporate
elements of this Regulation into their national law. (p.1)” 17

Thus, since the Data Privacy Act 2012 ultimately draws strength from the European
Union’s interpretations of data privacy and protection, we shall make use of the
controversial case of Google Spain v. AEPD and the recent Google v. CNIL case so as to
shed light on two key points: (1) how the European Union tried to resolve the conflict
between fundamental rights, and (2) how these cases could prove instructive within the
context of Philippine laws. Both of these questions, when answered, shall form the
practical part of this study.

Accordingly, the Discussion shall be divided into two parts: the first, which recounts
the attitude of our legal system on matters pertaining to privacy and free speech, shall
form the Discussion on Theory. The latter, which shall attempt to compare key foreign
rulings with our own theoretical considerations of the two, shall form the Discussion on
Practice.

Definition of Terms

For our purposes, the following terms and definitions shall be salient in our
subsequent discussions:

17 See Mapping the Philippine Data Privacy Act and the GDPR: A White Paper from the EITSC (2018), available in:
https://eitsc.com/wp-content/uploads/2018/05/Mapping-the-DPA-and-GDPR.pdf
 Data Subject - refers to an individual whose personal information is processed.18

Right to be Forgotten - the right to compel third party entities to delete personal
information upon request.

Personal Information - refers to any information whether recorded in a material

form or not, from which the identity of an individual is apparent or can be reasonably and
directly ascertained by the entity holding the information, or when put together with other
information would directly and certainly identify an individual.19

Significance of the Study

It is hoped that the comparative approach stated above would help guide judicial
decisions in the future, especially in the elaboration of the circumstances laid down in the
Data Privacy Act’s right to be forgotten. For indeed, while we have undoubtedly gained
wisdom from our perusal of foreign knowledge in the protection of our Constitutional right,
as seen in our manifest acknowledgment of the European Union’s influence on the DPA,
there is still much cause for anxiety, if only because we have yet to truly see the right to
be forgotten in action.

Lest it be forgotten, we must be reminded that the Internet’s grip on societal affairs
grows by the day, and with the quintessential challenge it offers on the enforcement of
laws in the modern age, we as researchers also highly encourage further scholarship and
debate on the issues at hand. The two we have chosen for our study: (1) Privacy vs. Free
Speech and (2) the right’s vagueness are but mere fragments of a much larger and
heated debate both within scholarly circles and every day life. Little more can be said,

18 Data Privacy Act of 2012, Section 3(c) as seen in LawPhil:

https://www.lawphil.net/statutes/repacts/ra2012/ra_10173_2012.html
19 Id. Sec 3(g).
therefore, about the need to commence a study on a novel legal concept that could
provide protection for generations to come.

II. Discussion: On the Theory of Privacy

The concept of privacy has been the subject of intense discussion in Philippine
jurisprudence, with respondents raising privacy concerns from within the government, as
in the case of Pollo v. Constantino-David, and the private sector, as in the case of Vivares
v. STC. The former, in particular, was about a government employee suspected by then
Civil Service Commission chairwoman Karina Constantino-David of having a conflict of
interest. After launching an investigation, it was revealed that petitioner had in his
possession draft pleadings of respondents of various CSC cases, and that he may have
been “knowingly, deliberately and willfully aiding and advancing interests adverse and
inimical to the interest of the CSC as the central personnel agency of the government
tasked to discipline misfeasance and malfeasance in the government service.”20

Naturally, petitioner insisted that such constituted a breach of his right to privacy,
specifically stating that his personal files in his office computer were seized without his
knowledge and consent. Already, the case before us offers a unique issue, in that the
petitioner sought for the Supreme Court to consider the personal files on his workplace
computer as part of his Constitutional right, contrary to the ruling by the Court of Appeals
that “data stored in the government computers are government properties including the
personal files.”21

In the case at bar, the Supreme Court sided with the respondent and upheld the CA
ruling, stating:

20 Pollo v. Constantino-David, G.R. No. 181881, October 18, 2011, as seen in LawPhil:
https://lawphil.net/judjuris/juri2011/oct2011/gr_181881_2011.html
21 Id.
 “We answer in the negative. Petitioner failed to prove that he had an actual (subjective)
expectation of privacy either in his office or government-issued computer which
contained his personal files. Petitioner did not allege that he had a separate enclosed
office which he did not share with anyone, or that his office was always locked and not open
to other employees or visitors. Neither did he allege that he used passwords or adopted any
means to prevent other employees from accessing his computer files.” (Emphasis ours) 22

In determining the answer above, the Court based its analysis on its inference from
the opinions of various luminaries, forming the criteria that would seal petitioner’s fate:

“Applying the analysis and principles announced in O’Connor and Simons to the case at bar,
we now address the following questions: (1) Did petitioner have a reasonable
expectation of privacy in his office and computer files?; and (2) Was the search
authorized by the CSC Chair, the copying of the contents of the hard drive on petitioner’s
computer reasonable in its inception and scope?

In this inquiry, the relevant surrounding circumstances to consider include "(1) the
employee’s relationship to the item seized; (2) whether the item was in the immediate
control of the employee when it was seized; and (3) whether the employee took
actions to maintain his privacy in the item. xxxx" (Emphasis ours)

A cursory examination of the criteria mentioned above would yield the conclusion
that in our legal system, privacy is something that the government alone cannot protect.
By default, the individual invoking his privacy must work in complete concert and
accordance with the constitutional right he is so adamantly set on defending. In the case
at bar, the very fact that the petitioner had worked for an office which blatantly had in its
“Computer Use Policy” a clause declaring that “users expressly waive any right to privacy
in anything they create, store, send, or receive on the computer through the Internet or
any other computer network”23 was fatal to his cause.

22 Id.
23 Id.
 Further, the addition of a “reasonable expectation of privacy” requirement raises
interesting implications in our paper’s prevailing context. The various foreign
jurisprudence the Supreme Court marshaled to resolve the question struck us to have
one key factor in mind: the setting which the individual happened to be in at the time.
Sufficient for our purposes is this example the Supreme Court used, to wit:

“In the 1967 case of Katz v. United States, the US Supreme Court held that the act of FBI
agents in electronically recording a conversation made by petitioner in an enclosed public
telephone booth violated his right to privacy and constituted a "search and seizure".
Because the petitioner had a reasonable expectation of privacy in using the enclosed
booth to make a personal telephone call, the protection of the Fourth Amendment
extends to such area. In the concurring opinion of Mr. Justice Harlan, it was further noted
that the existence of privacy right under prior decisions involved a two-fold requirement: first,
that a person has exhibited an actual (subjective) expectation of privacy; and second, that
the expectation be one that society is prepared to recognize as reasonable (objective).” 24
(Citations omitted, emphasis ours)

As one may observe, however, not only is the Internet a location in its own right, it is
one which constantly escapes the watchful gaze of sovereign powers. Does this mean,
therefore, that perusal of the internet constitutes a waiver of the right to privacy, by virtue
of the fact that using it means necessarily ceding information to internet service providers
and other third-party entities? If not, when is there a waiver of privacy and when isn’t
there? What sort of information must be conceded for us to consider our privacy waived?
To be even more precise, does the same doctrine apply to the internet?

Related to this line of questioning no doubt is the case of Vivares v. STC. In the case
at bar, petitioners’ children were barred by respondent school through their disciplinary
committees from attending the graduation rites due to the former taking pictures of
themselves wearing nothing but their undergarments and subsequently uploading their

24 Id.
photos on Facebook ((through Angela Lindsay Tan’s profile). Among other things,
petitioners had grounded the validity of their case upon a reasonable expectation of
privacy in the context of a social media website, namely that “The privacy setting of their
children’s Facebook accounts was set at "Friends Only." They, thus, have a reasonable
expectation of privacy which must be respected.”25

As to whether or not the conditions for such were satisfied, the Supreme Court ruled
against them, stating:

“Before one can have an expectation of privacy in his or her [online social network]
activity, it is first necessary that said user, in this case the children of petitioners,
manifest the intention to keep certain posts private, through the employment of
measures to prevent access thereto or to limit its visibility. And this intention can
materialize in cyberspace through the utilization of the OSN’s privacy tools. In other words,
utilization of these privacy tools is the manifestation, in cyber world, of the user’s invocation
of his or her right to informational privacy.

xxxx

It is well to emphasize at this point that setting a post’s or profile detail’s privacy to
"Friends" is no assurance that it can no longer be viewed by another user who is not
Facebook friends with the source of the content. The user’s own Facebook friend can
share said content or tag his or her own Facebook friend thereto, regardless of whether the
user tagged by the latter is Facebook friends or not with the former. Also, when the post is
shared or when a person is tagged, the respective Facebook friends of the person who
shared the post or who was tagged can view the post, the privacy setting of which was set
at "Friends."26 (Emphasis supplied)

25 Vivares vs. STC, G.R No. 202666, September 29, 2014, Ibid.
26 Id.
 In other words, the ruling indicates that intent can manifest in the perusal of the
privacy tools afforded by Facebook to protect the anonymity of their users. By using the
privacy tools on one’s online social network, one is therefore deemed to have not waived
their right to privacy. In a sense, then, the emphasis of the reasonable expectation of
privacy, at least in the context of the internet seems to have changed from place to
intent to account for the transition to the information age. However, this interpretation
comes with its own problems.

For starters, this doctrine is only instructive and applicable to the parts of personal
data where you can exercise some degree of control. Indeed, the very same case
acknowledges that Facebook’s privacy guarantee has a ceiling. 27 Unfortunately, this
“ceiling” has taken on the form of data leaks and breaches2829 throughout the years. This
merely reinforces the idea that the right to be forgotten should be specified. Another note
to make is that while it is true that the doctrine was applied in the context of the petitioners
applying for a writ of habeas data30, the Supreme Court’s parting words do not exactly
inspire confidence either. It reads:

“It is, thus, incumbent upon internet users to exercise due diligence in their online
dealings and activities and must not be negligent in protecting their rights. […]
Demanding relief from the courts, as here, requires that claimants themselves take

27 Id, “To address concerns about privacy,30 but without defeating its purpose, Facebook was armed with different
privacy tools designed to regulate the accessibility of a user’s profile as well as information uploaded by the user. In H
v. W, the South Gauteng High Court recognized this ability of the users to "customize their privacy settings," but did
so with this caveat: "Facebook states in its policies that, although it makes every effort to protect a user’s
information, these privacy settings are not foolproof."
28 New York Times: Facebook Security Breach Exposes Accounts of 50 Million Users, available in:
https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html
29 The Guardian: Ted Cruz using firm that harvested data from millions of unwitting Facebook users. Available in:
https://www.theguardian.com/us-news/2015/dec/11/senator-ted-cruz-president-campaign-facebook-user-data
30 Id. “The writ of habeas data is a remedy available to any person whose right to privacy in life, liberty or security is
violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or
entity engaged in the gathering, collecting or storing of data or information regarding the person, family, home and
correspondence of the aggrieved party. It is an independent and summary remedy designed to protect the image,
privacy, honor, information, and freedom of information of an individual, and to provide a forum to enforce one’s
right to the truth and to informational privacy. It seeks to protect a person’s right to control information regarding
oneself, particularly in instances in which such information is being collected through unlawful means in order to
achieve unlawful ends.”
 utmost care in safeguarding a right which they allege to have been violated. These
are indispensable. We cannot afford protection to persons if they themselves did
nothing to place the matter within the confines of their private zone. OSN users
must be mindful enough to learn the use of privacy tools, to use them if they desire to
keep the information private, and to keep track of changes in the available privacy
settings, such as those of Facebook, especially because Facebook is notorious for
changing these settings and the site's layout often.”31 (Emphasis supplied)

The above-mentioned sentiment of the Court puts the problem up for display.
Basically, the insistence of current jurisprudence to demand proactive action for the
protection of the right to privacy may not hold up well when faced with a litigation on the
right to be forgotten. This is because the right, by design, is invoked after the fact. The
right to be forgotten includes in its criteria “outdated,”32 which necessarily means that any
outdated personal data may be stricken from third-party records at the request of the data
subject.

To summarize the discussion above, the right to privacy seems to demand that we
pay attention to it ourselves. Existing jurisprudence cautions us against recklessly
invoking the right without care for the ramifications or consequences thereof. We shall
bear this in mind for the next few parts, but for now, we shall proceed with the next
discussion.

II-A. Discussion: On the Theory of Free Speech

31 Id.
32 Data Privacy Act of 2012, Section 16(e) as seen in LawPhil:
https://www.lawphil.net/statutes/repacts/ra2012/ra_10173_2012.html “ Section 16. Rights of the Data Subject. –
“The data subject is entitled to:(e) Suspend, withdraw or order the blocking, removal or destruction of his or her
personal information from the personal information controller’s filing system upon discovery and substantial proof
that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes
or are no longer necessary for the purposes for which they were collected.”
 We are graced with a wealth of jurisprudence discussing the extent and doctrines
associated with free speech. For our paper’s consideration is the case of Chavez v.
Gonzales.33 The case is essentially about the wiretapping scandal that once haunted
former President Arroyo’s term. Briefly, petitioner sued respondent for allegedly trying to
curtail the right to free speech and expression when the latter through the NTC tried to
stem the flow of media coverage on the alleged wiretapped tapes through a stern warning
in a press conference. Of course, this has essentially formed the crux of the issue:
whether or not the NTC had violated the right to free speech and expression.

The Supreme Court ruled in favor of petitioner, stating among other things that the
warnings were all but coercive and did not need to be part of a circular. “[The warnings]
came from the Secretary of Justice, the alter ego of the Executive, who wields the
awesome power to prosecute those perceived to be violating the laws of the land. After
the warnings, the KBP inexplicably joined the NTC in issuing an ambivalent Joint Press
Statement.” Now, what is primarily interesting about this case is the exhaustive nature of
its discussion on free speech and the press. In the case at bar, the Court meticulously set
out the limits of what would otherwise be a completely limitless right, as stated in the
following wise:

“Generally, restraints on freedom of speech and expression are evaluated by either or a

combination of three tests, i.e., (a) the dangerous tendency doctrine which permits
limitations on speech once a rational connection has been established between the
speech restrained and the danger contemplated; (b) the balancing of interests tests,
used as a standard when courts need to balance conflicting social values and
individual interests, and requires a conscious and detailed consideration of the
interplay of interests observable in a given situation of type of situation; and (c) the
clear and present danger rule which rests on the premise that speech may be
restrained because there is substantial danger that the speech will likely lead to an
evil the government has a right to prevent. This rule requires that the evil consequences

33 G.R. No. 168338, February 15, 2008, as seen in the Official Gazette:
https://www.officialgazette.gov.ph/2008/02/15/chavez-v-gonzales-g-r-no-168338-february-15-2008/
 sought to be prevented must be substantive, “extremely serious and the degree of
imminence extremely high.”34

The summary of this doctrine is essentially that the right to free speech is to be
curtailed or questioned only in the most critical of times. Of course, this also implies that
the Constitution puts a high premium on the preservation of free speech, especially
among other rights-- a kind of primus inter pares-- if one permits. However, this nearly
rigid adherence, assailable only by the strictest application of the doctrine above, opens
new problems, especially as regards personal data. Now, to be clear, it is known that the
Supreme Court is no stranger to resolving the conflict between free speech and privacy
per se. In the case of Cabansag v. Fernandez35 the Court expounded on the clear and
present danger rule in the context of free speech and privacy:

This rule had its origin in Schenck vs. U. S. (249) U. S. 47), promulgated in 1919, and
ever since it has afforded a practical guidance in a great variety of cases in which the
scope of the constitutional protection of freedom of expression was put in issue. In one of
said cases, the United States Supreme Court has made the significant suggestion that
this rule "is an appropriate guide in determining the constitutionality of restriction
upon expression where the substantial evil sought to be prevented by the
restriction is destruction of life or property or invasion of the right of privacy"
Thornhill vs. Alabama, 310 U.S. 88).

However, the curious aspects of the right to be forgotten make for a challenging
prospect. As mentioned, the primary objective of the right lies in the ridding of personal
data upon a request made to a third-party entity keeping information about the data
subject within Philippine jurisdiction. The fundamental problem is that the right to be
forgotten does not necessarily consider the emotions of the data subject at the time of
filing. It does not matter whether or not they hold grudges against the data; it is entirely
possible that he may have moved on from that and at best, the data being erased is just a

34 Id.
35 G.R. No. L-8974, October 18, 1957, as seen in LawPhil:
https://lawphil.net/judjuris/juri1957/oct1957/gr_l-8974_1957.html
loose fragment in one’s life that one wishes to totally get rid of. Other jurisdictions, such
as shall be discussed in the next discussion, only care about whether you wish to invoke
it or not.

Another interesting caveat of the Chavez case is how it differentiated the treatment of
free speech across multiple kinds of media. In particular, the focus of regulation is much
stronger on broadcast media than on print media. The Court reasons that it is due to the
“particular impact on audiences.”36 However, since this case was last written, the Internet
had since been catapulted into public consciousness, with most people actually deriving
their entertainment not from traditional TV, but “Google’s Youtube, Facebook, and
Netflix.”37 Far be it for us to say whether or not traditional broadcast media really is dying,
but suffice it to say, entertainment tastes are changing once again, and there is every
indication that the impact might be even stronger.

To conclude, there is no doubt that the Philippines considers free speech and
expression a most sacred fundamental right. After all, multiple rulings have decreed that
the tests said right may undergo must be observed very strictly. From Chavez’s
discussions on the discrepancy in treatment between print and broadcast media, we were
able to show the ever-tightening hold of the Internet on our lives. There is no doubt that
these shall all prove instructive in the implementation of the Right, should a lawsuit be
forthcoming.

III. Discussion: The Right as Practiced

Now that the theoretical part of the discussion has been laid out, we are ready to
discuss the application proper, and nowhere is more appropriate than in a brief analysis
of Google Spain v. AEPD. The case in question may have existed under the umbrella of

36 Id.
37 New York Times. Why Traditional TV is in Trouble. Found in:
https://www.nytimes.com/2018/05/13/business/media/television-advertising.html
the now-repealed Directive 95/46/EC (also known as the Data Protection Directive),38 but
it is still hailed today as the one case law that has significantly changed the relationship
between third-party entities and individual users within the European Union.39 According
to the same, on March 5, 2010 respondent Costeja Gonzalez sued Google Spain with the
request that an old article (published in 1998) from the local newspaper La Vanguardia,
as well as any and all traces reasonably within the context of Google as a search engine,
be deleted so as to make sure said information can no longer be traced back to him.

The petitioner’s defense essentially aimed for “the activity of search engines [to not]
be regarded as processing of the data which appear on third parties’ web pages
displayed in the list of search results, given that search engines process all the
information available on the internet without effecting a selection between personal data
and other information,”40 with the obvious result being that Google and all other search
engines be rendered the exception as to what constitutes “controllers” (third parties).

The issue, in a nutshell, was whether or not Costeja Gonzalez had the right to
compel Google to delete information pertaining to him, pursuant to Article 12 (b) of
Directive 95/46/EC. 41 The ruling that came with the case was naturally decisive. In
support of Gonzalez’s case, the European Court of Justice declared henceforth:

38 Article 94, Sec. 1 of the GDPR states: “Art. 94 GDPR Repeal of Directive 95/46/EC

(1) Directive 95/46/EC is repealed with effect from 25 May 2018.”

39 The full extent of its early days are recorded in Taylor Wessing’s The Evolution of EU’s “right to be forgotten.”
“Search engines scrambled to understand and comply with the judgment as they were inundated with deletion
requests. By October 2014, Google had evaluated 498,737 URLs and removed 41.8% of those.” Available in
https://www.lexology.com/library/detail.aspx?g=9fdd94f9-0b90-4a76-9f2d-57a56eb8f2d6
40 Google Spain v. AEPD (para. 22), Docket no.62012CJ0131 as found in EurLex:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131
41 Directive 95/46/EC as seen in EurLex
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX%3A31995L0046%3Aen%3AHTML states it in this
manner: “Article 12 /Right of access /Member States shall guarantee every data subject the right to obtain from the
controller: (b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply
with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data.”
 “As the data subject may, in the light of his fundamental rights under Articles 7 and 8 of the
Charter, request that the information in question no longer be made available to the general
public by its inclusion in such a list of results, it should be held […] that those rights
override, as a rule, not only the economic interest of the operator of the search
engine but also the interest of the general public in finding that information upon a
search relating to the data subject’s name. However, that would not be the case if it
appeared, for particular reasons, such as the role played by the data subject in public life,
that the interference with his fundamental rights is justified by the preponderant interest of
the general public in having, on account of inclusion in the list of results, access to the
information in question.”42 (Paragraph 91, emphasis supplied)

Paragraph 81 of the same carries the exhortation of the European Court that “a fair
balance should be sought between [the interest of other parties to access said
information] and the Data Subject’s fundamental rights.”43 The deliberations at hand
yielded for them the conclusion that at least at this juncture, more considerable emphasis
should be placed on the privacy of the user, having already compared his fundamental
right as opposed to not only Google’s, but hypothetical third parties who may be
interested in checking out the information being called for deletion.

Essentially, therefore, in upholding the civil right to be forgotten, the Courts will
inevitably have the contend with putting either the right to privacy or the right to free
speech at the legal pedestal. Unfortunately, this also means there is really no middle
ground on this issue; multiple interests will have to be considered, and we are reminded
of the words of the Civil Code, that “no judge or court shall decline to render judgment by
reason of the silence, obscurity or insufficiency of the laws.”44

Conclusion and Recommendation

42 Id.
43 Id.
44 Civil Code of the Philippines, Article 9, as seen in Official Gazette
https://www.officialgazette.gov.ph/downloads/1949/06jun/19490618-RA-0386-JPL.pdf
 All of the foregoing discussion has yielded the following in summary: (1) that the right
to be forgotten is extremely vague, with no jurisprudence to support its implementation; (2)
that the equation for our country seems to be squarely in favour of free speech; (3) that
current jurisprudence on privacy has not kept up with the realities of the Internet; (4) and
lastly, that foreign jurisdictions which have successfully applied it seems to have
conceded that the privacy of the individual, in certain cases, may in fact be more
paramount than any other interest.

Under the weight of all these problems, it is highly recommended (or even predicted)
that existing doctrines on privacy, specifically the rigidity and proactivity of the ruling on
Vivares v. STC, need to be relaxed in light of special considerations (such as information
being outdated). We may well recall that the case of Google Spain v. AEPD highlighted
this fact in plain sight; the suit was only brought to bear 12 years after the publication of
the articles. Further, at the time, the Costeja Gonzalez had no control over what was
being published, it being the case as a result of an auction. In other words, the Supreme
Court needs to take into account those aspects of privacy which are not within the control
of the aggrieved party.

Second, the Supreme Court has to recognize that the Internet may very well have
even greater impact than broadcast media. It is therefore imperative that doctrines on
free speech in relation to the concept of free press be made ever stricter, as doing so
would inevitably prove useful in the litigation of cases pertaining to the Internet. To put in
a more crude way, members of the Supreme Court need to pay even more attention to
the current movements of the information age. Lastly, later jurisprudence could take
useful guidance from the Google Spain v. AEPD ruling, as the primary reason behind its
appeal is the flipping of priorities in what is largely assumed as the Liberal West. In that
specific case, a man’s fundamental rights were measured against multiple other parties,
and it was concluded that his rights were more paramount. We reckon that such rationale
is very useful too, considering that the Constitution also gives us the same guarantees.
Bibliography
AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS
SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A
NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES, REPUBLIC ACT NO. 10173
(Congress of the Philippines July 25, 2011).

Chertoff, M. (2016, September 08). Taylor & Francis Online. Retrieved from tandfonline.com:
https://www.tandfonline.com/doi/full/10.1080/23738871.2017.129864

Disini v. The Secretary of Justice, G.R. No. 203335 (SUPREME COURT February 11, 2014).

Intersoft Consulting. (n.d.). Retrieved from gdpr-info.eu: https://gdpr-info.eu/art-17-gdpr/

LAWPHIL. (n.d.). Retrieved from lawphil.net: https://www.lawphil.net/consti/cons1987.html

Lee, E. (n.d.). A JOURNAL OF LAW AND POLICY FOR THE INFORMATION SOCIETY. Retrieved from
kb.osu.edu: https://kb.osu.edu/bitstream/handle/1811/80043/ISJLP_V12N1_085.pdf

Official Gazette. (n.d.). Retrieved from officialgazette.gov.ph:

https://www.officialgazette.gov.ph/downloads/1949/06jun/19490618-RA-0386-JPL.pdf

RHONDA AVE S. VIVARES and SPS. MARGARITA and DAVID SUZARA vs. ST. THERESA'S COLLEGE, MYLENE
RHEZA T. ESCUDERO, and JOHN DOES, G.R. No. 202666 (SUPREME COURT September 29, 2014).

Spinello, R.A. (2017). Cyberethics: Morality and Law in Cyberspace (Sixth). Burlington, MA: Jones and
Brtlett Learning
 Vivares vs. STC, G.R No. 202666, September 29, 2014, Ibid.

Id.

Id, “To address concerns about privacy,30 but without defeating its purpose, Facebook was armed with different
privacy tools designed to regulate the accessibility of a user’s profile as well as information uploaded by the user. In H
v. W, the South Gauteng High Court recognized this ability of the users to "customize their privacy settings," but did
so with this caveat: "Facebook states in its policies that, although it makes every effort to protect a user’s
information, these privacy settings are not foolproof."

New York Times: Facebook Security Breach Exposes Accounts of 50 Million Users, available in:
https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

The Guardian: Ted Cruz using firm that harvested data from millions of unwitting Facebook users. Available in:
https://www.theguardian.com/us-news/2015/dec/11/senator-ted-cruz-president-campaign-facebook-user-data

Id. “The writ of habeas data is a remedy available to any person whose right to privacy in life, liberty or security is
violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or
entity engaged in the gathering, collecting or storing of data or information regarding the person, family, home and
correspondence of the aggrieved party. It is an independent and summary remedy designed to protect the image,
privacy, honor, information, and freedom of information of an individual, and to provide a forum to enforce one’s
right to the truth and to informational privacy. It seeks to protect a person’s right to control information regarding
oneself, particularly in instances in which such information is being collected through unlawful means in order to
achieve unlawful ends.”

Id.

Data Privacy Act of 2012, Section 16(e) as seen in LawPhil:

https://www.lawphil.net/statutes/repacts/ra2012/ra_10173_2012.html “ Section 16. Rights of the Data Subject. –
“The data subject is entitled to:(e) Suspend, withdraw or order the blocking, removal or destruction of his or her
personal information from the personal information controller’s filing system upon discovery and substantial proof
that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes
or are no longer necessary for the purposes for which they were collected.”

G.R. No. 168338, February 15, 2008, as seen in the Official Gazette:
https://www.officialgazette.gov.ph/2008/02/15/chavez-v-gonzales-g-r-no-168338-february-15-2008/

Id.

G.R. No. L-8974, October 18, 1957, as seen in LawPhil:

https://lawphil.net/judjuris/juri1957/oct1957/gr_l-8974_1957.html

Id.

New York Times. Why Traditional TV is in Trouble. Found in:

https://www.nytimes.com/2018/05/13/business/media/television-advertising.html

Article 94, Sec. 1 of the GDPR states: “Art. 94 GDPR Repeal of Directive 95/46/EC

(1) Directive 95/46/EC is repealed with effect from 25 May 2018.”

The full extent of its early days are recorded in Taylor Wessing’s The Evolution of EU’s “right to be forgotten.”
“Search engines scrambled to understand and comply with the judgment as they were inundated with deletion
requests. By October 2014, Google had evaluated 498,737 URLs and removed 41.8% of those.” Available in
https://www.lexology.com/library/detail.aspx?g=9fdd94f9-0b90-4a76-9f2d-57a56eb8f2d6

Google Spain v. AEPD (para. 22), Docket no.62012CJ0131 as found in EurLex:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131
 Directive 95/46/EC as seen in EurLex
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX%3A31995L0046%3Aen%3AHTML states it in this
manner: “Article 12 /Right of access /Member States shall guarantee every data subject the right to obtain from the
controller: (b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply
with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data.”

Id.

Id.

Civil Code of the Philippines, Article 9, as seen in Official Gazette

https://www.officialgazette.gov.ph/downloads/1949/06jun/19490618-RA-0386-JPL.pdf